Ubuntu / Linux news and application reviews.

A message on the Chromium dev group points out that the Chromium Linux builds got encrypted passwords which use GNOME Keyring or KDE KWallet. Until now, Chromium / Google Chrome used to store the passwords unencrypted which combined with the fact that Chromium doesn't use a master password can be seen as a major security flow.

The passwords have always been encrypted on Mac and Windows, so now it's time for Linux to get this feature too.

To use the new feature, you need the latest Chromium daily build (r50475) and then run Chromium using:

--password-store=gnome--password-store=kwallet--password-store=detect

The last option ("detect") will try to autodetect if Chromium should use GNOME Keyring or KDE KWallet and this will eventually be the default option:

For now, without the flag, we will continue to use the built-in unencrypted store. With the flag, we will now try to use the requested store (or autodetect one, and use that) to store passwords, and we will migrate existing passwords to this store. This requires GNOME Keyring > 2.22 (which rules out Ubuntu 8.04) or KDE 4. In the event of failure to initialize the encrypted store, we fall back on the built-in store.

In my tests using Ubuntu 10.04 with GNOME and the latest Chromium from the Chromium Daily builds PPA, the passwords are still not encrypted. To check if Chromium encrypts your passwords, run this in a terminal: